A web application firewall inspects requests and filters those that are deemed malicious. In comparison, Client Reputation focuses on the source of the request, and determines the extent to which that source has sent malicious requests in the past. Register today for this upcoming webcast to find out more!

SC Magazine's SC Congress returns to London on 3 March, 2015 with an all new programme! Here is your chance to catch a full day of hard-hitting information security news and solutions from leaders in their industries that you can implement for your company.

As employees increasingly have mobile access to the corporate network this webcast will discuss the steps organisations can take to minimise risk among their workforce and detail what a mobile device management policy should look like and how to enforce it. Register today for this SC editorial webcast!

Imprivata CEO looks at IAM in the past and healthcare in the future

This week I met with Imprivata CEO Omar Hussain, head of a company that has nailed its colours well and truly to the mast of healthcare security.

Hussain said the company is focused on healthcare and rather than doing standard "fortress protection" technology such as intrusion prevention and anti-virus, it prioritised security around accessing information to offer a standardised solution to accelerate and enable productivity.

He said: “Prior to three years ago, we made a conscious decision to move away from password management and identity and access management (IAM) to focus on healthcare. We make technology that makes it easier to access information that makes it easy for everyone to use to save time and money and enabling healthcare security.

“We are now playing a big role in healthcare and patient privacy as everybody is afraid that they don't want medical details to become public knowledge as it cannot be taken back once it is out.”

Hussain said existing solutions have made it harder for clinical staff, as they have not been specifically designed for healthcare environments, while it has decided to deliver "a better product that makes access easier".

“If it can save five clicks it can add up to a ton of money and time saved,” he said. “The customer tells me that after the electronic medical record (EMR), this is the most critical solution.”

Last year the company announced a deployment of its single sign-on technology across 97 hospitals and 1,300 GP practices by NHS Scotland. This week it announced that 91 English trusts and three in Northern Ireland are using its OneSign product.

Among the new products and features introduced is CorText, a secure texting service for clinicians, which enables them to instantly and securely collaborate with each other by sending images of clinical exam findings, EKGs and radiological studies.

Hussain said: “Texting is not used in healthcare as information is exposed and there is no backup or archive. We have added location services, status updates and notifications – so if you send data you know that the recipient has got it and looked at it.”

The company also announced a developer programme that will enable third-party vendors to embed its No Click Access capabilities, single sign-on and authentication management technology into their software and hardware devices.

I asked Hussain if he was responding to customer requests with the launches, or going by trends. He said: “I don't think that customers know what they need, but they know what their problems are. We get a board of customers together twice a year and talk about what they are dealing with.

“The CEO will say to me we don't have a texting problem as the nurses are not carrying phones, but the CIO will say that their number-one problem is that they cannot control devices. Look at trends, people want mobility and want to use technology as the IT side is boring but productivity is improved for machinery.

“Look at the evolution of healthcare, it is an industry that embraces technology, but one of the biggest hindrances is security restrictions on patient privacy.”

He said that rather than embracing consumerisation of IT, healthcare was fighting it as there was too much risk with sensitive medical information being stored on a personal device.

He said: “People ask if security and patient privacy are a big concern. I say if you are taking medicine for something sensitive like an sexually transmitted disease or alcohol abuse, then if the answer is no, it is not a big problem. If the answer is yes, then it is a huge issue.

“This is why it will become more and more important as patient privacy will become a critical component. Even if it is in a file in a clerk's office, once it is available anyone can get it.”

Looking at the IAM sector, I asked Hussain how he saw it now that it was well into the healthcare-specific area. He said IAM is a "huge gamut" of technologies and vendors who do different things, or "stack vendors", and the challenge for end-users was to decide whether to buy the stack or best of breed.

“This is not a business we are in, with pure single sign-on we will win a deal and that is why we got out of IAM,” he said.

Hussain concluded by saying that Imprivata do not attend the Infosecurity Europe show any more. Is this because the company is now so focused on healthcare that information security is not a concern? Of course not, its decision to allow other vendors to use its technology proves that it still has one foot in security.

However, the company's decision to focus on healthcare will likely lead it to develop solutions for customer needs on strict data protection: something that becomes ever more challenging as regulation changes.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.